European Commission Tightens Focus on GDPR Compliance

When the General Data Protection Regulation (GDPR) took effect in 2018, it was hailed as a landmark in global privacy legislation. However, five years on, companies and regulators alike are still struggling to navigate the gray areas, particularly when it comes to cross-border enforcement and the practical application of anonymization technologies.

That’s beginning to change.

In a move that signals a renewed sense of urgency, the European Commission is tightening its oversight of GDPR enforcement procedures, particularly for cases that span multiple EU member states. A set of procedural reforms, new reporting requirements, and a coordinated push for transparency are all part of the EU’s effort to ensure that data protection is not only codified but also enforceable in a timely and consistent manner.

What does that mean for organizations managing visual data, such as CCTV footage, dashcams, or body-worn video?

Let’s unpack.

What’s New from the European Commission?

In July 2023, the European Commission proposed a set of procedural rules aimed at easing GDPR enforcement, particularly for large-scale, cross-border cases. The key elements include:

• Mandatory bi-monthly reporting by national supervisory authorities (DPAs) for all open cross-border cases.
• Defined procedural rights for companies and individuals involved in investigations.
• Clarified mechanisms for dispute resolution between EU member state regulators.
• Stricter deadlines for the handling of complex, multi-jurisdictional complaints.

This renewed focus is aimed at achieving better performance. Critics have long pointed to inconsistencies in how GDPR is applied across the bloc, with some high-profile investigations dragging on for years. The European Commission’s message is clear: accountability can no longer be optional.

‍What This Means for Organizations Handling Visual Data

If your company handles videos, images, or audio that may contain personally identifiable information (PII), particularly in public spaces or sensitive environments, this shift in regulatory posture should serve as a wake-up call.

Under the GDPR, visual content is considered personal data when individuals can be identified. That means:

• Security footage must be reviewed and, when necessary, anonymized before being shared or stored.
• Data subjects (the people in your videos) have the right to request access, deletion, or clarification on how their data is processed.
• Organizations are required to implement technical and organizational measures to protect personal data, including anonymization, redaction, blurring, or masking where applicable.

And it’s not just about avoiding fines. It’s about building a responsible data culture that respects privacy by design.

Redaction and GDPR

One common misconception is that "blurring" or "pixelating" faces in video content is enough to meet GDPR requirements. In reality, regulators are increasingly looking at the robustness and reversibility of those anonymization techniques.

Redaction, when done correctly, is a form of irreversible anonymization that can help satisfy the legal requirement to render personal data unidentifiable.

Key capabilities include:

• Detection and redaction of faces, heads, license plates, screens, and identifying objects in video, images, and audio.
  
• The ability to redact selectively, ensuring non-relevant content is protected while maintaining evidentiary value.
  
• Local (on-device) redaction, minimizing risk by processing data without sending it to the cloud.
  
• Comprehensive audit logs that track what was redacted, when, and by whom, useful for chain of custody and data access requests.

How Redactor Supports GDPR Compliance

Sighthound Redactor offers tools that assist organizations in adhering to GDPR requirements:

• Data Minimization: Redactor does not process or store your data. It runs in your environment, on desktop, private cloud, or secure infrastructure, so you remain fully in control of your footage.
• Anonymization Features: Redactor is designed for irreversible redaction and visual anonymization. When used properly, it helps you satisfy GDPR’s requirements for data minimization and lawful processing of personal data.
  

Why AI-Powered Redaction Is Becoming a Compliance Essential

Regulators are moving faster. Expectations are higher. The volume of visual data captured by businesses, governments, and security systems continues to increase.

Manual redaction simply isn’t scalable.

That’s where automated redaction software steps in. With tools like Redactor, organizations can:

• Automatically detect and redact sensitive objects frame-by-frame.
• Reduce time spent on review and compliance preparation by over 80%.
• Ensure repeatability, accuracy, and documentation at scale.

And unlike general-purpose video editors or masking filters, Redactor is built for one job: protecting privacy in visual content. That purpose-built approach matters when you're facing a data subject request, a public records release, or a privacy audit.

Compliance Is Evolving. So Should Your Tools.

The European Commission’s procedural reforms serve as a reminder that compliance isn’t a static concept; it’s a moving target shaped by evolving technology, enforcement behavior, and public expectations.

Organizations that handle visual data, especially at scale, require tools that enable them to adapt. And that’s exactly where Sighthound Redactor fits in.

If your compliance strategy includes redacting video, audio, or image-based PII, Redactor offers the AI precision, deployment flexibility, and audit capabilities to do it right.

Want to see it in action? Watch this quick demo to get started.​

Ready to improve your GDPR compliance strategy? Start a free trial today.